FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 03-25-2009, 02:44 PM
Mike O'Connor
 
Default NEW processing

On Wed, Mar 25, 2009 at 04:24:59PM +0100, Cyril Brulebois wrote:
> Mike O'Connor <stew@debian.org> (25/03/2009):
> > Yes, there have definately been times when packages are rejected from
> > NEW that only got there becuase of a package addition. I'd say its
> > common, even. If a package passes through new, then the maintainer
> > uploads without really paying attention to what they are uploading,
> > upstream licensing may have changed, making the package no longer
> > acceptable. Or the package might have passed NEW in the past when it
> > really shoudln't have.
>
> And while the new package is kept out, the package currently in the
> archive might not be suitable at all. In the case of a single binary
> addition, that would mean as many RC bugs as REJECTED packages, don't
> you think?

yes, usually it should. It doesn't always. I have tried to file bugs
when I find them in the archive. The citadel related packages are a
recent example of this. Unfortunately they don't always get filed. In
my mind it would be better if the maintainers were to do this, seeing as
it is evendenced by threads like this, we are having trouble keeping up
with the NEW queue wihtout doing all of the source checks of packages
not in the queue as you seem to be suggesting we should possibly be
doing.

stew
 
Old 03-25-2009, 02:57 PM
Clint Adams
 
Default NEW processing

On Wed, Mar 25, 2009 at 11:44:19AM -0400, Mike O'Connor wrote:
> yes, usually it should. It doesn't always. I have tried to file bugs
> when I find them in the archive. The citadel related packages are a
> recent example of this. Unfortunately they don't always get filed. In
> my mind it would be better if the maintainers were to do this, seeing as
> it is evendenced by threads like this, we are having trouble keeping up
> with the NEW queue wihtout doing all of the source checks of packages
> not in the queue as you seem to be suggesting we should possibly be
> doing.

Can you comment on why citadel was not immediately removed from Debian
if it merited a REJECT?


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-25-2009, 03:03 PM
Changwoo Ryu
 
Default NEW processing

2009-03-25 (수), 11:13 -0400, Mike O'Connor:
> On Wed, Mar 25, 2009 at 06:18:00PM +0900, Changwoo Ryu wrote:

> > OTH, do we really need a manual check for SONAME bump? Was there any
> > upload rejection in the past on new binary package addition cases?
>
> Yes, there have definately been times when packages are rejected from
> NEW that only got there becuase of a package addition. I'd say its
> common, even. If a package passes through new, then the maintainer
> uploads without really paying attention to what they are uploading,
> upstream licensing may have changed, making the package no longer
> acceptable. Or the package might have passed NEW in the past when it
> really shoudln't have.

Such mistakes can always happen, even by usual package upgrade with no
NEW check. But we are distributing those buggy updated packages and
fixing such bugs over time. I doubt new binary package (SONAME bumps,
-{doc,data} package splitting, etc) introduces such bugs more often than
usual upload.

--
Changwoo Ryu <cwryu@debian.org>
 
Old 03-25-2009, 03:10 PM
Cyril Brulebois
 
Default NEW processing

Mike O'Connor <stew@debian.org> (25/03/2009):
> [...] we are having trouble keeping up with the NEW queue wihtout
> doing all of the source checks of packages not in the queue as you
> seem to be suggesting we should possibly be doing.

Actually, that's not what I meant to suggest. I've been wondering for
a while whether to add a binary package (a debug one) to one of mine.
A possible question is: will an RC bug be opened against the current
package if the NEW one gets REJECTED for missing licenses?

If that's the case, fine. We're going to fix those horrible licensing
issues we have in the archive as soon as a binary package is added. But
that can also mean one will refrain from adding binary packages because
one is lazy/doesn't have time to check licenses etc.

If that's not the case, one might be tempted to try and sneak a new
binary package through NEW, without worrying about the consequences (a
possible RC bug).

And since I'm all for full disclosure, try the following and guess why
there's no blender-dbg package yet:
$ apt-get source blender && ls -d blender-*/extern/*/

(To be discharge, I'm already fighthing against embedded code copies and
with time, things are getting better, but I'm not done yet.)

To sum up: that was a real question, I didn't mean to point fingers.

Mraw,
KiBi.
 
Old 03-25-2009, 04:57 PM
Luk Claes
 
Default NEW processing

Michael Meskes wrote:
> On Wed, Mar 25, 2009 at 04:24:59PM +0100, Cyril Brulebois wrote:
>> Mike O'Connor <stew@debian.org> (25/03/2009):
>>> Yes, there have definately been times when packages are rejected from
>>> NEW that only got there becuase of a package addition. I'd say its
>> ...
>> And while the new package is kept out, the package currently in the
>> archive might not be suitable at all. In the case of a single binary
>
> Or the package staying in the archive might even have a security problem. Yes,
> even that happened.

Well, it's a bad sign that people are mixing the fixing of RC/security
bugs with new (binary) packages unless the bugs cannot be fixed without
them (which usually is *not* the case).

Cheers

Luk


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-25-2009, 05:09 PM
Cyril Brulebois
 
Default NEW processing

Luk Claes <luk@debian.org> (25/03/2009):
> Michael Meskes wrote:
> > On Wed, Mar 25, 2009 at 04:24:59PM +0100, Cyril Brulebois wrote:
> >> And while the new package is kept out, the package currently in the
> >> archive might not be suitable at all. In the case of a single binary
^^^^^^^^^^^^^^^

> > Or the package staying in the archive might even have a security
> > problem. Yes, even that happened.
>
> Well, it's a bad sign that people are mixing the fixing of RC/security
> bugs with new (binary) packages unless the bugs cannot be fixed
> without them (which usually is *not* the case).

Just to clarify my initial thought, I was talking about RC-bugginess due
to possible license/copyright issues, those which would warrant a
REJECT.

Mraw,
KiBi.
 
Old 03-25-2009, 05:32 PM
Mike O'Connor
 
Default NEW processing

On Wed, Mar 25, 2009 at 03:57:49PM +0000, Clint Adams wrote:
> On Wed, Mar 25, 2009 at 11:44:19AM -0400, Mike O'Connor wrote:
> > yes, usually it should. It doesn't always. I have tried to file bugs
> > when I find them in the archive. The citadel related packages are a
> > recent example of this. Unfortunately they don't always get filed. In
> > my mind it would be better if the maintainers were to do this, seeing as
> > it is evendenced by threads like this, we are having trouble keeping up
> > with the NEW queue wihtout doing all of the source checks of packages
> > not in the queue as you seem to be suggesting we should possibly be
> > doing.
>
> Can you comment on why citadel was not immediately removed from Debian
> if it merited a REJECT?
>

I cannot. I can say that I opened RC bugs and made sure others from the
FTP team and from Release and Stable Release were aware of exactly what
was happening. The uploader was upstream, so upstream was being made
aware as well.

Would you recommend that we remove packages from stable when this
happens?

stew
 
Old 03-25-2009, 06:04 PM
Clint Adams
 
Default NEW processing

On Wed, Mar 25, 2009 at 02:32:19PM -0400, Mike O'Connor wrote:
> I cannot. I can say that I opened RC bugs and made sure others from the
> FTP team and from Release and Stable Release were aware of exactly what
> was happening. The uploader was upstream, so upstream was being made
> aware as well.
>
> Would you recommend that we remove packages from stable when this
> happens?

Yes, I would say that if the problem is so severe that a package must
be REJECTed, then logically it would follow that the packages in the
archive are intolerable enough that they should be removed forthwith.

I'm curious about how others reconcile not doing so.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 06:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org